Kevin Peuhkurinen wrote:
Hi all. Forgive me if this has been discussed before. I'm sure it
must have been, but I cannot find anything useful in the archives.
My problem is that for security reasons, all incoming email is first
recieved by my Checkpoint firewall's SMTP Security Server. It is then
handed off to my Exim/SpamAssassin box. I want to have Exim run SPF
checks on the incoming mail and add the SPF headers. I am not at this
point interested in enforcing any sort of policy, I just want the
headers. The problem, of course, is that while Checkpoint preserves
the envelope headers, the Exim box sees the sending IP and HELO as the
firewall. I'm thinking that A) I'm SOL in terms of the specifications
and B) if I want this to work I'm going to have to kludge something
together that extracts the IP address of the sending host from the
recieved headers and calls spfd itself or (>shudder<) write an OPSEC
compliant module for the firewall itself.
Has anyone else already dealt with issues like this?
We were faced with the same problems some years ago. Checkpoint SMTP is
a nice security feature but is a major PITA if you need to do something
a bit outside of what it's exactly designed to do. We have an incoming
SMTP server that receives (and possibly rejects) SMTP traffic. Mail is
afterwards re-routed to an other SMTP server via the firewall. Email me
directly if you need more info.
--
Rene Barbier
IRIS http://www.irislink.com/
| Fight Spam! Join EuroCAUCE: http://www.euro.cauce.org/ |